Privacy Policy

The following document is the complete Privacy Policy for our application and website services, which primarily provide a matching platform with added features for fortune-telling or astrology-based predictions (hereinafter referred to as the “Services”). The text below explains the types of personal data we collect, the reasons and lawful bases for processing, how data is used, disclosure to third parties, retention and security measures, as well as the rights of each user according to applicable laws.
If you use our Services, please read carefully — your use of the Services constitutes acceptance of the practices described in this Policy unless you stop using the Services or delete your account.

1. Introduction

The Company/Service Provider (“we” or “the Company”) is the Data Controller of the personal data relating to the Services. If you have questions, complaints, or wish to exercise your data-subject rights, please contact our Privacy Officer via the following channels:

• Privacy Officer: www.zwinkle.co
  
• Privacy email: support@zwinkle.com
  
• Address (if applicable):
  999/39 Lio Phahonyothin-Watcharapol Village, Soi Phahonyothin 54/1, Intersection 4-13, Phahonyothin Road,
  Khlong Thanon Subdistrict, Sai Mai District, Bangkok 10220

We greatly value user privacy and are committed to maintaining the security of your personal data in accordance with international standards and applicable legal obligations.

2. Scope of This Policy

This Policy applies to personal data we collect from users when using our Services, including registration, app/website use, support contact, payments, or any other activities related to our Services.
This Policy does not apply to information you voluntarily share with third parties outside our platform, such as public posts on social networks beyond our control.

3. Types of Data We Collect

We collect several categories of personal data:

3.1 Data Provided Directly by Users

When you register or create a profile, we may request identifiable data such as:

• Name (or display name)
  
• Date of birth
  
• Gender
  
• Sexual orientation or matching preferences (if you choose to provide it)
  
• Email
  
• Phone number
  
• Profile photos, videos, or audio files you upload
  
• Profile information such as bio, interests, hobbies, residence location
  
• Information required for astrology/fortune-telling features, such as date, time, and place of birth (if you choose to provide it)

For payments or in-app purchases, we may collect certain payment-related data such as purchase history and necessary billing information (we do not store unencrypted credit card numbers).

3.2 Technical and Automatically Collected Data

When using the Services, our systems automatically record:

• IP address
  
• Device type
  
• Operating system
  
• App version
  
• Network information
  
• Device identifiers (Device ID, Advertising ID)
  
• Cookies and tracking technology data
  
• Usage logs (login time, pages accessed, activities in-app)
  
• Analytical data for understanding user behavior and improving Services

3.3 Data from External Service Providers and Third Parties

We may receive data from:
Payment processors (e.g., Stripe) for payment verification

• Analytics services (e.g., Google Analytics, Firebase Analytics)
  
• Social media platforms if you choose to connect your accounts

3.4 Data Derived from Astrology/Fortune-Telling or Profile Personalization Features

The system may process birth information, gender, and profile data to generate predictions or recommendations. These generated results may be stored to support ongoing service delivery or improve prediction models.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes, aligned with legal bases under applicable data protection laws (e.g., GDPR):

1. To provide core Services — account creation, profile display, matching features.
   Legal basis: Contract.
   
2. To operate astrology/fortune-telling features — processing birth data and profile data.
   Legal basis: Consent or Contract (if part of subscribed services).
   
3. To improve user experience and develop new features — analytics, UI personalization, testing.
   Legal basis: Legitimate interest or Consent.
4. For security and fraud prevention — detecting abnormal usage or account misuse.
   Legal basis: Legitimate interest.
   
5. For marketing and advertising (with consent) — promotions or personalized ads.
   Legal basis: Consent.
   
6. To comply with legal obligations — disclosures required by authorities or courts.
   Legal basis: Legal obligation.
   If data is used for additional purposes not stated above, we will seek your consent or provide opt-out options.

5. Disclosure of Data to Third Parties

To provide efficient Services, we may share data with:

• Infrastructure and hosting providers (cloud/hosting services)
  
• Payment processors (e.g., Stripe) — we do not store unencrypted card details
  
• Analytics & advertising partners (e.g., Google Analytics, Firebase)
  
• Push notification services (e.g., Firebase Cloud Messaging)
  
• Email or newsletter providers, technical consultants, system administrators

Data transfers are protected under Data Processing Agreements requiring proper security and limited use.
We do not sell personal data for commercial purposes. If such activities arise, we will notify you and request consent as required by law.

6. Cookies & Tracking Technologies

We use cookies and similar technologies for functionality, analytics, user preferences, and—with consent—personalized advertising.

Types include:
Essential cookies — login session, security
Functional cookies — language settings, preferences
Analytics cookies
Marketing cookies (with consent)

Users may manage or refuse cookies through browser settings or our in-app cookie settings. Some functions may be limited if cookies are disabled.

7. User Rights

Users have the following rights:

• Right of Access — request a copy of your data
  
• Right to Rectification — correct inaccurate or incomplete data
  
• Right to Erasure — request deletion when legally applicable
  
• Right to Restrict Processing
  
• Right to Data Portability
  
• Right to Object — especially to direct marketing
  
• Right to Withdraw Consent

To exercise these rights, contact: support@zwinkle.co
We typically respond within 30 days, extendable up to 60 days for complex cases.

8. Data Retention

We retain data only as long as necessary:
Account & profile data — until account deletion unless legal retention applies

• Payment data & receipts — typically 5–10 years depending on jurisdiction
  
• Logs & analytics data — 12–24 months
  
• Legal claim–related data — for the statutory limitation period

When no longer needed, data will be deleted or anonymized.

9. Security Measures

We implement technical and organizational safeguards, including:

• TLS/HTTPS encryption
  
• Encryption-at-rest for sensitive data
  
• Access control and authentication
  
• Audit logs
  
• Vulnerability management and penetration testing
  
• Staff privacy training and restricted data access

If a data breach affects user rights, we will notify impacted users promptly as required by law.

10. Children’s Privacy

The Service is not permitted for users under 20 years old (or the higher local legal age).
We do not knowingly collect personal data from minors. If discovered, such data will be deleted immediately.
Parents may contact support@zwinkle.co for concerns.

11. Changes to This Policy

We may update this Policy to reflect changes in services, operations, or legal requirements.
Material updates will be notified via:

• In-app notifications
  
• Email
  
• Announcements on our website
• The “Effective Date” will be updated accordingly.

12. Complaints & Regulatory Contact

You may submit complaints to our Privacy Officer. If unsatisfied with our response, you may contact:

• The Personal Data Protection Committee
  
• The relevant Data Protection Authority in your jurisdiction (e.g., EU)
  

13. Regional Disclosures

13.1 EU Users (GDPR)

We are the Data Controller and process data under lawful bases: consent, contract, legal obligation, legitimate interest.
For cross-border transfers, contact us for additional details.

13.2 California Users (CCPA/CPRA)

California residents have rights including knowing what data is collected, accessing data, deleting data, and opting out of data sale.
We do not sell personal data without explicit consent.

13.3 Other Regions

We comply with additional local requirements where applicable.

14. International Data Transfers

Your data may be stored on servers located in multiple countries.
We use Standard Contractual Clauses and equivalent safeguards to ensure lawful, secure transfers.

15. Public Profile Confidentiality

Profile information that you choose to make public may be visible to other users.
You may adjust privacy settings, but public data may be copied or saved by others beyond our control.

16. User Safety Recommendations

• Use a strong, unique password
  
• Enable two-factor authentication (2FA)
  
• Avoid sharing sensitive personal information publicly
  
• Contact support immediately if suspicious activity occurs

17. Additional Notes for Astrology/Fortune-Telling Features

Astrology features provide entertainment and guidance only.
They do not replace legal, medical, psychological, or high-risk professional advice.
Sensitive data (e.g., health, religious beliefs, sexual lifestyle) will be handled with extra care and may require explicit consent.